feishu-cli
GitHub通过 lark-cli 命令行工具操作飞书/Lark,涵盖消息、文档、日历等模块。支持安装配置、身份认证及数据读写,强调安全规范与 dry-run 机制。
Trigger Scenarios
Install
npx skills add fanfan-de/anybox --skill feishu-cli -g -y
SKILL.md
Frontmatter
{
"name": "feishu-cli",
"description": "Use when the user wants to operate Feishu or Lark through the official lark-cli command-line tool from shell commands, including setup, authentication, messages, docs, calendar, sheets, base, tasks, mail, meetings, approvals, and raw OpenAPI calls."
}
Feishu CLI
Use this skill when the user asks to use Feishu, Lark, Feishu CLI, Lark CLI, or lark-cli from the agent shell. This is a CLI-first workflow, not an MCP workflow. Use shell commands to call lark-cli directly.
Operating Model
- Prefer
lark-clifor Feishu/Lark work instead of direct HTTP calls when this skill is active. - Treat
lark-clias the owner of app configuration, OAuth login, scopes, user/bot identity selection, and local credential storage. - Do not ask the user for access tokens, refresh tokens, app secrets, or cookies. Do not print or save secrets.
- Use
--format jsonfor read commands whenever supported so results are machine-readable. - Keep commands narrow and explicit. Avoid raw OpenAPI calls unless a shortcut or service command cannot do the job.
Setup Checks
First check whether the CLI is available:
lark-cli --version
If it is missing, tell the user it needs to be installed, then use the official installer when the user wants you to proceed:
npx @larksuite/cli@latest install
After installation, initialize app configuration if needed:
lark-cli config init --new
Then check login state:
lark-cli auth status
If not logged in, start login with recommended scopes:
lark-cli auth login --recommend
For agent-driven browser handoff, use non-blocking login when appropriate and relay only the authorization URL or next safe instruction to the user:
lark-cli auth login --recommend --no-wait
Safety Rules
- Before sending messages, modifying documents, updating calendars, changing records, approving requests, deleting anything, or calling raw write APIs, get explicit user confirmation unless the user has already clearly asked for that exact action.
- For write commands that support it, run
--dry-runfirst and summarize the intended change before executing the real command. - Do not add the Feishu/Lark bot to public or broad group chats as part of setup. If group access is needed, ask the user to handle membership deliberately.
- Never run broad destructive commands such as bulk delete, recursive permission changes, or mass updates unless the user explicitly scopes the target set.
- When a command fails for missing scope or permission, report the missing capability and use
lark-cli auth checkorlark-cli auth loginwith a narrower domain or scope instead of retrying blindly.
Common Commands
Check authentication:
lark-cli auth status
lark-cli auth list
lark-cli auth scopes
Calendar examples:
lark-cli calendar +agenda --format json
lark-cli calendar +agenda --as user --format json
Messages:
lark-cli im +messages-send --as bot --chat-id "oc_xxx" --text "Hello" --dry-run
lark-cli im +messages-send --as bot --chat-id "oc_xxx" --text "Hello"
Docs:
lark-cli docs +create --api-version v2 --doc-format markdown --content "<title>Title</title>`n# Heading`nContent"
Raw API fallback:
lark-cli api GET /open-apis/calendar/v4/calendars --format json
lark-cli api POST /open-apis/im/v1/messages --params "{\"receive_id_type\":\"chat_id\"}" --data "{\"receive_id\":\"oc_xxx\",\"msg_type\":\"text\",\"content\":\"{\\\"text\\\":\\\"Hello\\\"}\"}" --dry-run
Workflow
- Identify whether the task is read-only or a write action.
- Run setup checks only when the current CLI/auth state is unknown.
- Choose the highest-level shortcut command first, then service commands, then raw API as a last resort.
- For read tasks, return a concise summary and mention key IDs only when useful.
- For write tasks, dry-run when available, confirm the target and content, then execute.
- If output is too large, rerun with narrower filters, pagination, or a more specific command.
Troubleshooting
- If
lark-cliis not recognized, install it or ensure the install directory is onPATH. - If login requires browser interaction, provide the authorization URL or instruction and wait for the user to complete it.
- If the CLI says a scope is missing, use
lark-cli auth checkfor the relevant scope and ask the user to reauthorize with the needed scope. - If a Feishu command cannot access a resource, verify whether the current identity is
userorbotand rerun with--as useror--as botwhen appropriate.
Version History
- 08dc189 Current 2026-07-05 18:58


